CompTIA Security Plus Mock Test Q968

A new network administrator is setting up a new file server for the company. Which of the following would be the BEST way to manage folder security?

A. Assign users manually and perform regular user access reviews
B. Allow read only access to all folders and require users to request permission
C. Assign data owners to each folder and allow them to add individual users to each folder
D. Create security groups for each folder and assign appropriate users to each group


Correct Answer: D
Section: Access Control and Identity Management

Explanation:
Creating a security group for each folder and assigning necessary users to each group would only allow users belonging to the folder’s security group access to the folder. It will make
assigning folder privileges much easier, while also being more secure.

Incorrect Answers:
A: Assigning users manually and performing regular user access reviews would take longer than option ‘D’. The question asks for the best way to achieve the goal.
B: Allowing read only access to all folders and requiring users to request permission would require a lot of administrative effort. The question asks for the best way to achieve the goal.
C: Assigning data owners to each folder and allowing them to add individual users to each folder could defeat the principle of least privileges.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 294